On Thu, 09 Jul 2020 18:07:39 +0300 nickysn@xxxxxxxxx wrote: > Yes, that's why "secure boot" should only be an option and the user > must have the option to turn it off. Otherwise, it wouldn't be > possible to do any kernel development on that computer. For my edification. I build custom kernels, and sign them using pesign with my own key that I generated locally, and put in the EFI key database. I can then boot the custom kernel in secure mode. Couldn't I also sign modules if I ever generated them with that same key? That is, isn't this only an issue if the person doing the kernel development hasn't generated their own key, and isn't signing their kernels locally? _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
